California issues online ‘do not track’ guidelines

Under California law, websites must tell the public if and how they track users’ movements around the Internet.

Photo: AP

But the law, passed last year, doesn’t tell web companies exactly how they should report that information. It’s supposed to be part of each site’s privacy policy, but that’s it.

So this week, California Attorney General Kamala Harris issued a set of guidelines for how websites should report their tracking practices to users. It’s a far cry from actually forcing web companies not to track users at all — an elusive goal of many privacy advocates. But it could bring a little clarity to the situation.

Most web browsers have a “do not track” function that lets consumers state clearly that they don’t want their information and movements to be followed. Most websites, however, ignore that request, since tracking customers’ preferences has become central to the way many Internet companies make money.

The new guidelines, which are strictly voluntary, recommend that websites tell their users, in plain language, what personally identifiable information they collect, how they use it and how long they keep it. If a site ignores “do not track requests,” it should say so. And if it gives third parties access to users’ data, it should say that, too.

“These common-sense recommendations are clear, readable, useful and mercifully short,” said Aleecia McDonald, director of privacy at Stanford Law School’s Center for Internet and Society.